Open source Apache Tomcat vulnerable to a publicly disclosed vulnerability
CVEID: CVE-2019-0199
**Description:**Apache Tomcat is vulnerable to a denial of service, caused by the acceptance of streams with excessive numbers of SETTINGS frames and the permitting of clients to keep streams open without reading/writing request data by the HTTP/2 implementation. By sending excessive SETTINGS frames, a remote attacker could exploit this vulnerability to cause a denial of service.
**CVSS Base Score:**7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158637> for the current score
**CVSS Environmental Score:***Undefined
**CVSS Vector:**CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
IBM QRadar SIEM 7.3.0 - 7.3.2 Patch 1
QRadar / QRM / QVM / QRIF / QNI 7.3.2 Patch 2
None